Network Forensics: Tools of the Trade… At Scale and on a Budget

  • Published: 9 Feb 2022
  • Newcomers to the world of network forensics are often unaware of the vast array of tools available to help them, especially tools that work at large scale.
    While the venerable Wireshark is often the first that comes to mind, anyone who has used this staple tool knows that its limitation is scalability: loading tens of gigabytes of packet data into Wireshark is at best a frustrating experience and at worst one that ends in a forced quit of the application.
    Join Phil Hagen and David Szili in this livestream, where they cover several critical tools that every network forensicator, investigator, or defender should have at the ready. As an added benefit, all of the tools they discuss are free. Phil and David will cover each tool and its use cases: Zeek is ideal for extracting protocol metadata (connection, DNS, HTTP, TLS and other logs) from network traffic; Arkime makes full-packet capture, search, and analysis easy; and SOF-ELK(R), an appliance VM built on the Elastic Stack, was purpose-built for log and NetFlow analysis.
    All of these tools are also used in FOR572: Advanced Network Forensics and Analysis. However, since the tools are free for anyone to use, you can get started with them right away. Whether you're examining a few hundred megabytes of logs, terabytes of network captures, or billions of NetFlow records, these tools can provide the insight you need to support your investigations or defense operations.
    #network #forensics #wireshark #investigator #dfir #digitalforensics

Comments • 2